Practical Social Engineering Tactics

October 13, 2016 | Views: 6005

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Attackers know that hacking a WiFi key is just a temporary thing. Maybe they think, why not hack the entire connection instead? Well, here are some basic “tried and true” social engineering tactics that actually work, and you should be aware of. Don’t get taken advantage of by these simple actions.

1. The Cold Call: On hacking something, port scanning is done first to understand the target and system flow (services etc..). Short duration calls to your ISP can be made asking to change or reset your password.

A simple conversation might go like this:

“Hey, this is J**N here. How can I help you?”

“Hello, I just want to change my PPPoE password. I recently did a reset on my router, and I forgot the password. How can I change that?”

“Username please?”

“My username is ******”

“Is this your number? 7*******28??”

“Yes, this is mine.”

“and blah blah blah is your address??”

“Yes Yes…”

“You have to msg PASS followed by your username, and your reset password will be sent to your phone. You will soon find this format in your message box.”

“Fine, Thanks”

“Something else sir?”

“No”

“Have a good day.”

Conclusions:

  1. Only a username was requested. This can be easily acquired.
  2. If access to the phone connected to the account could be gained, an SMS to reset the password could easily be infiltrated.
  3. Just answering “yes” was insecure on the company’s side.
  4. The phone was the vulnerability here.

 

2. Getting more: Another call is placed to ISP support asking to change the phone number.

Sample conversation:

“I wanted to change my number.” (Obviously, calling from a different number)

The same conversation, on asking for username and it was provided.

He said that I had to verify my identity and asked, “May I know your old number, please?

I responded correctly.

He asked for my address. I told him.

He asked for my birth date. Again, correct information was provided to him.

“May I know your new number please?”

An alternate number was provided.

Once the confirmation message is sent to the new number, the attacker is now able to hack into someone else’s connection now. All that was needed was someone’s username and basic account information.

Conclusions:

  1. They verified with the information which was publicly available.
  2. What was needed to change the number?
    • Old Phone number
    • Address

3. Final Conclusions: It is not always necessary to be a programmer or an “elite” to hack into someone’s network or someone’s internet connection via hardcore hacking skills. You can do it non-technically too. I hope you all learned from this. Do let me know if you find some error or anything. Feel free to share what’s in your mind.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
5 Comments
  1. The Personal Information which we have provide in social media makes us vulnerable to such kind of attacks. Less Awareness about Cyber crime and social tricks on how we get struck up in mess are the reasons.

  2. The most disturbing thing about a Social Engineering attack is the fact that it is so easy to execute. One former hacker, Kevin Mitnick was a master of Social Engineering and reaped the benefits as a result. The human element always has been and always will be the Achilles Heel of any attempt to secure systems and devices. Disregard this fact at your peril.

  3. scary, because it is so true…

  4. its brief, i need more explanation

    • Hacking can happen without having to force info out of you. Some people willingly go handing out their info without any idea of what they just did. Which was giving out their info so they could just log in as easily as they could.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

Is Linux Worth Learning in 2020?
Views: 744 / December 14, 2019
How do I Get MTA Certified?
Views: 1315 / December 12, 2019
How much does your PAM software really cost?
Views: 1752 / December 10, 2019
How Do I Get into Android Development?
Views: 2142 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel